An anonymous group of hackers has posted an online database containing the usernames and phone numbers of 4.6 million Snapchat users, despite the service claiming “various safeguards” were in place.
Security concerns first came to light when Australian research group Gibson Security highlighted a vulnerability on Christmas Day, explaining how it could be exploited. Gibson said it had raised the issue months ago with Snapchat but its concerns had been ignored.
Following Gibson’s post, Snapchat posted on its blog to reassure users it took their privacy very seriously.
“Theoretically, if someone were able to upload a huge set of phone numbers, like every number in an area code, or every possible number in the US, they could create a database of the results and match usernames to phone numbers that way,” the blog post read.
“Over the past year we’ve implemented various safeguards to make it more difficult to do. We recently added additional counter-measures and continue to make improvements to combat spam and abuse.”
However, an anonymous group of hackers then created a website called SnapchatDB, which included usernames and phone numbers of Snapchat users in the US.
Those posting the information censored the last two digits of the phone numbers “to minimise spam and abuse”. However, the SnapchatDB website, which has since gone offline, said it may release the full database “under certain circumstances”.